lastLogon vs lastLogonTimestamp vs lastLogonDate

While working with Active Directory objects, we often need to query objects by date and time. The difference between the lastLogon, lastLogonTimestamp and lastLogonDate attributes in PowerShell can be confusing.

In Active Directory, objects have several last-logon attributes: lastLogon, lastLogonTimestamp and lastLogonDate.

In this article, I will try to explain, based on my experience, the difference between the PowerShell lastLogon, lastLogonTimestamp and lastLogonDate attributes in Active Directory.


Let’s look at the last logon attributes in detail, with examples using PowerShell.

PowerShell LastLogon

When a user logs on to a computer, the lastLogon attribute is updated on the domain controller. It is updated only on the one DC that handled the user's interactive logon, which means the lastLogon attribute is not replicated.

LastLogon is very helpful for identifying stale accounts, or for finding out which computers a user has or has not logged on to.

When we run the command, it returns the most recent logon timestamp from the domain controller where the user interactively logged on.

PowerShell lastLogon returns the most recent logon timestamp of an AD user as a number, which is not human readable and must be converted to a date-time format.

To convert the lastLogon number to a date-time value, run the command below:

Get-ADUser -Identity Toms -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}}

In the above PowerShell script, the Get-ADUser cmdlet gets the properties of the user specified by the Identity parameter and passes the output to the second command.

@{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}} : converts the lastLogon number to a date-time value.
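Because lastLogon is not replicated, a single query only reflects the one DC that answered it. The following added example (not part of the original article) queries every domain controller and keeps the newest value; the function name Get-TrueLastLogon is hypothetical, and it assumes the ActiveDirectory module and read access to each DC.

```powershell
# Added example: most recent lastLogon for one user across all domain controllers.
# Assumes the ActiveDirectory (RSAT) module; Get-TrueLastLogon is a hypothetical name.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)]
        [string]$Identity    # sAMAccountName, DN, GUID or SID
    )

    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName `
                               -Properties lastLogon -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                # Empty or 0 means this DC never recorded a logon for the user;
                # FromFileTime(0) would otherwise show a misleading year-1601 date.
                LastLogon        = if ($user.lastLogon -gt 0) {
                                       [DateTime]::FromFileTime($user.lastLogon)
                                   } else { $null }
            }
        }
        catch {
            # An unreachable DC is a gap in the answer: report it, do not hide it.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }

    # The newest per-DC value is the user's actual last logon.
    $latest = $perDc | Where-Object { $_.LastLogon } |
              Sort-Object LastLogon -Descending | Select-Object -First 1

    [pscustomobject]@{
        Identity         = $Identity
        LastLogon        = $latest.LastLogon          # $null if never logged on
        DomainController = $latest.DomainController
        DCsAnswered      = @($perDc).Count
    }
}

Get-TrueLastLogon -Identity Toms
```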

PowerShell lastLogonTimestamp

The lastLogonTimestamp attribute is replicated to all domain controllers.

To prevent replication traffic every time a user logs on, its value is updated only after a certain interval. Active Directory calculates the interval at which to update the lastLogonTimestamp value. The default update interval is 14 days.

The ms-DS-Logon-Time-Sync-Interval attribute defines the lastLogonTimestamp update interval. If it is not set, the default update interval is 14 days.

lastLogonTimestamp is the replicated version of lastLogon. It returns the last logon timestamp as a number, which is not human readable and requires conversion to a date-time value.

PowerShell lastLogonDate

The lastLogonDate attribute is a locally calculated value of the lastLogonTimestamp attribute in date format.

PowerShell lastLogonDate makes it very easy to write date-time queries when we want to get or find Active Directory objects based on the lastLogonTimestamp attribute.
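The update interval matters when hunting for stale accounts: the replicated value can trail the real logon by up to the sync interval. The following added example (not from the original article) reads the interval from the domain and widens the cutoff by that amount; Get-StaleAdUser and the 90-day threshold are hypothetical choices.

```powershell
# Added example: find enabled users whose replicated last logon is older than a
# threshold, allowing for the lastLogonTimestamp update lag described above.
# Assumes the ActiveDirectory module; Get-StaleAdUser is a hypothetical name.
Import-Module ActiveDirectory

function Get-StaleAdUser {
    param(
        [int]$InactiveDays = 90    # hypothetical threshold, adjust to policy
    )

    # The sync interval is stored on the domain root object.
    $domainDn = (Get-ADDomain).DistinguishedName
    $root     = Get-ADObject -Identity $domainDn -Properties 'msDS-LogonTimeSyncInterval'
    $syncDays = $root.'msDS-LogonTimeSyncInterval'
    if ($null -eq $syncDays) { $syncDays = 14 }    # not set: default of 14 days

    # lastLogonTimestamp may be up to $syncDays behind the real logon, so only
    # flag accounts that are still older than the threshold after that margin.
    $cutoff         = (Get-Date).AddDays(-($InactiveDays + $syncDays))
    $cutoffFileTime = $cutoff.ToFileTime()

    # Filter on the raw attribute so the comparison runs on the DC.
    # Accounts that never logged on have no lastLogonTimestamp and are not
    # matched here; review those separately.
    $filter = 'Enabled -eq $true -and lastLogonTimestamp -lt {0}' -f $cutoffFileTime

    Get-ADUser -Filter $filter -Properties lastLogonTimestamp, LastLogonDate |
        Select-Object Name, SamAccountName, LastLogonDate,
            @{Name = 'DaysSinceLogon'
              Expression = { [int]((Get-Date) - $_.LastLogonDate).TotalDays }} |
        Sort-Object DaysSinceLogon -Descending
}

Get-StaleAdUser -InactiveDays 90
```

Before disabling anything this returns, confirm the account against the per-DC lastLogon value, since that attribute is the only one updated at every interactive logon.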

lastLogon vs lastLogonTimestamp vs lastLogonDate

Let’s look at the lastLogon vs lastLogonTimestamp vs lastLogonDate difference discussed above with an Active Directory example.

Consider getting Active Directory user details with the Get-ADUser cmdlet. When the user logs on to a computer in Active Directory, the logon date and time are stored in these attributes.

Get-AdUser -Identity johnp  -Properties * | Select DisplayName,LastLogon,LastLogonDate,LastLogonTimeStamp

In the above PowerShell script,

The Get-ADUser cmdlet returns the properties of the Active Directory user specified by the Identity parameter and passes the output to the second command.

The second command selects DisplayName, LastLogon, LastLogonDate and LastLogonTimestamp from the user properties and prints them to the console as shown below:

Name      LastLogon          LastLogonDate        LastLogonTimeStamp
----      ---------          -------------        ------------------
John Paul 132722084016061942 7/29/2021 7:10:42 PM 132720594421239827

In the above output, the LastLogon and LastLogonTimestamp attributes are in a non-human-readable format and require conversion.

After applying the date-time conversion, the PowerShell script looks like this:

Get-AdUser -Identity johnp  -Properties * | Select DisplayName,@{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}},LastLogonDate,@{Name='LastLogonTimestamp';Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp)}}

The output of the above PowerShell script for lastLogon vs lastLogonTimestamp vs lastLogonDate is shown below:

[Image: lastLogon vs lastLogonTimestamp vs lastLogonDate]

In the above image, you can see the difference between the lastLogon and lastLogonTimestamp attribute values.

The lastLogonTimestamp value is not updated on the domain controller at every user logon; as explained above, Active Directory calculates when to update it in order to prevent replication traffic.

As discussed above, PowerShell LastLogonDate is a locally calculated value of lastLogonTimestamp in date-time format.


Conclusion

I hope the above article on the PowerShell lastLogon vs lastLogonTimestamp vs lastLogonDate attributes is helpful to you and helps you decide which attribute to use.
